This report was developed to help define the many wireless technologies in use today. Some pros and cons of each technology are listed, and further reference points are given. After reading this report you will have a better understanding of how the wireless technologies differ and of some of the security implementations of each. Consider this report a crash course and not a comprehensive study.
Wireless Technologies Comparison
Wireless LAN Network Architectures
Wireless Application Protocol (WAP)
Wired Equivalent Privacy (WEP)
2. Theft or Loss of wireless devices
Ad-Hoc – This is a peer-to-peer setup where one wireless client talks directly to another without passing through any additional access point or proxy. A common network identifier is used for the peers to communicate with each other.
Single Point of Access – An Access Point is used in this type of setup to connect wireless users to a wired network. The Access Point acts like a bridge between the wireless users and the network to which they wish to connect. The Access Point is responsible for authenticating the wireless users via password and possibly MAC address. The distance of the wireless system from the Access Point determines the network performance that user will experience. A system that is 5 feet from the Access Point could monopolize the bandwidth at the expense of users not so close, and a system 20 feet away could experience degraded network performance. The area surrounding the Access Point is referred to as the “Basic Service Set”, or BSS.
Multiple Access Point – This setup allows multiple Access Points for multiple systems to access the network. The purpose of this is for users to be able to roam between Access Points and be connected to the Access Point that is closest to them. The Access Points “hand off” the user's info and ensure the user is getting the best network performance available.
2 Mbps
Cannot penetrate opaque objects
Uses direct or diffused technology
Directed (requires line of sight)
Diffused (limited to short distances such as a single room)
Operates over a multitude of different wireless technologies:
Cellular Digital Packet Data (CDPD)
Code Division Multiple Access (CDMA)
Global System for Mobile Communications (GSM)
Built-in security at the transport layer, similar to SSL
Enables a multitude of wireless devices, including cell phones and PDAs, to have a common way to access the internet
WAP (Wireless Application Protocol) has an issue commonly referred to as the “WAP gap.”
Figure: Wireless Device --WTLS--> WAP Gateway --TLS/SSL--> Internet Server
WTLS: Wireless Transport Layer Security
Used in versions prior to WAP 2.0
Requires the WAP Gateway to decrypt WTLS transmissions and then re-encrypt them as TLS/SSL
Sensitive data is exposed as it traverses the gateway
If an attacker were to compromise the gateway, they would be able to access all of the secure communications traversing the network juncture. The wireless carrier usually controls the wireless gateway. The user will not be able to gain any knowledge regarding the security in place at the gateway. This setup requires that the users implicitly trust that the gateway is secure and monitored.
WTLS is replaced by TLS in WAP 2.0. The gateway above is no longer needed to translate (decrypt from one standard and re-encrypt to another) since the Internet servers are able to interpret the TLS transmission directly. All data remains encrypted as it passes through the gateway. Since there is such a large difference in WAP technologies, the implementation of WAP 2.0 may take a long time.
Ensure the WAP Gateway never stores decrypted content on secondary media
Implement additional security at the higher layers
Secure the WAP gateway physically so that only administrators have access to the system console
Limit administrative access to the WAP gateway so that it is not available to any remote site outside the firewall
Disconnect the WAP application from the rest of the network
Add WAP devices to your PKI infrastructure
Can be used to connect almost any device to another device
Operates in the 2.4 GHz ISM frequency band
Supports a range of 30 feet
Maximum bandwidth is 1 MB/s
Devices don’t need to be in “line of sight”
Supports data, voice, and content-centric applications
Uses FHSS at up to 1600 hops per second
Signal hops among 79 frequencies at 1 MHz intervals for a high degree of interference immunity
Up to seven simultaneous connections can be established and maintained
Will be embedded in future versions of Microsoft Windows and Pocket PCs
Each Bluetooth device stores the following:
48-bit unique device address
128-bit unique unit key
Each connection has a link key associated with it
The Link key is used to generate the encryption key
The link key value is chosen during connection setup for two devices that have not previously communicated. After this is done, it is used for authentication.
The link key is not really secret; connections can be eavesdropped and deciphered
The encryption can be broken in some cases
A device’s address is unique – by tracking a particular address, a person’s activities can be tracked
A 4-digit PIN code must be entered manually each time the device is used, which can be considered a hassle
To avoid the hassle of entering the 4-digit PIN code each time, the PIN code can be stored in the device's memory or hard drive, creating a security vulnerability
The user chooses the PIN code, and the PIN code requires no type of complexity. Users can use ‘0000’ or ‘1234’
Because most of the problems associated with Bluetooth are inherent in the Bluetooth protocol and implementation, there are few solutions available. Best practices to date suggest:
Implement the necessary authentication
Implement the necessary encryption mechanisms at the application layer
Avoid the use of unit keys; use combination keys instead
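As an added illustration of why unit keys are weaker than combination keys (this is not code from the report, and its key derivation is an HMAC stand-in rather than the real Bluetooth E21/E22/E3 algorithms): a phone that pairs with a headset using its unit key, and later with a laptop, hands the laptop that same link key, so the laptop can reproduce the phone-headset session keys; with combination keys it cannot. The device names, addresses and nonce are constructed for the example.

```python
import hashlib, hmac, os

def kdf(key: bytes, *parts: bytes) -> bytes:
    # Stand-in key derivation (HMAC-SHA256), not Bluetooth's E21/E22/E3 functions.
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

class Device:
    def __init__(self, name: str) -> None:
        self.name = name
        self.addr = os.urandom(6)       # stands in for the 48-bit device address
        self.unit_key = os.urandom(16)  # stands in for the 128-bit unit key
        self.link_keys = {}             # peer name -> link key shared with that peer

    def pair_with_unit_key(self, peer: "Device") -> None:
        # Unit-key pairing (this device offers its key): the single unit key becomes
        # the link key, so every peer paired this way ends up holding the same key.
        self.link_keys[peer.name] = peer.link_keys[self.name] = self.unit_key

    def pair_with_combination_key(self, peer: "Device") -> None:
        # Combination-key pairing: both sides contribute a fresh random value,
        # so the resulting link key is specific to this pair of devices.
        lk = kdf(os.urandom(16) + os.urandom(16), self.addr, peer.addr)
        self.link_keys[peer.name] = peer.link_keys[self.name] = lk

    def encryption_key(self, peer_name: str, nonce: bytes) -> bytes:
        # Per-session encryption key: link key plus a nonce that is sent in the clear.
        return kdf(self.link_keys[peer_name], nonce)

def third_party_can_derive_key(third: Device, victim: Device, peer: Device) -> bool:
    # Can `third`, previously paired with `victim`, compute the session key that
    # `victim` now uses with `peer`?  The nonce is public, only the link key matters.
    nonce = os.urandom(16)
    return kdf(third.link_keys[victim.name], nonce) == victim.encryption_key(peer.name, nonce)

def compare_key_types() -> tuple:
    # Returns (leak_with_unit_keys, leak_with_combination_keys) for a phone that
    # pairs first with a headset and later with a laptop (constructed scenario).
    results = []
    for pairing in ("pair_with_unit_key", "pair_with_combination_key"):
        phone, headset, laptop = Device("phone"), Device("headset"), Device("laptop")
        getattr(phone, pairing)(headset)
        getattr(phone, pairing)(laptop)
        results.append(third_party_can_derive_key(laptop, phone, headset))
    return tuple(results)  # (True, False)
```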
The Bluetooth specification defines 3 security modes:
Non-secure – Non-secure mode does not initiate any kind of security.
Service-level security – In service-level security, security policies are defined by the access requirements of the application the user is using.
Link-level security – Security standards are established before the link setup is complete.
Perform the bonding in an environment that is as secure as possible against eavesdroppers, and use long random Bluetooth passkeys.
For specific implementations and the security concerning those implementations, please see the white paper on Bluetooth security at: http://www.bluetooth.com/upload/24Security_Paper.PDF
802.11 supports 3 physical layers:
Infrared
Radio Frequency
FHSS – Frequency Hopping Spread Spectrum
DSSS – Direct Sequence Spread Spectrum
The technology spread into 802.11a, 802.11b and 802.11g:
802.11b supports up to 11 Mbps at 2.4 GHz
802.11a supports up to 54 Mbps at 5 GHz
802.11g supports up to 54 Mbps at 2.4 GHz
802.11b only uses DSSS, which allows greater throughput but is more susceptible to radio signal interference
802.11a networks are up to 5x faster than 802.11b networks, but are not interoperable with 802.11b networks.
Media Access Control (MAC) filtering
Perform Service Set Identifier (SSID)
Encrypts data with 40 or 128 bit keys
Automated tools exist to crack WEP encryption keys
Exploits a weakness in the RC4 key scheduling algorithm
The AirSnort tool can compute the key in less than 1 minute of sniffing wireless communication
Completely passive attack, making it extremely difficult to detect
Tools used to perform the attack are freely available for download on the internet
Problems
Media Access Control (MAC) address filtering – can be sniffed and spoofed.
Service Set Identifier (SSID) – broadcast by access points and should not be considered secret. The SSID can be easily sniffed.
WEP encryption can be easily cracked
40- or 128-bit Wired Equivalent Privacy – has been broken using tools like:
Airsnort: http://airsnort.sourceforge.net
WEPCrack: http://sourceforge.net/projects/wepcrack
Solutions
Use a strong Authentication Mechanism
Require mutual authentication between client and server
Utilize end-to-end encryption at the higher protocol layers (e.g. SSH and SSL) – use a VPN solution to replace WEP
Configure the Access Points to keep silent about the SSID – disable the Access Point's beacon signal and configure it to ignore anonymous requests for the SSID.
802.11c – support for 802.11 frames
802.11d – support for 802.11 frames, new regulations
802.11e – QoS enhancements in the MAC
802.11f – Inter Access Point Protocol
802.11g – High Rate or Turbo Mode – 2.4 GHz bandwidth extension to 22 Mbps
802.11h – Dynamic Channel Selection and Transmit Power Control
802.11i – Security Enhancement in the MAC
802.11j – 5 GHz Globalization among IEEE, ETSI Hiperlan2, ARIB, HiSWANa
Most information below was gathered from SANS, Information Security Magazine and other top information security resources.
a. Issues
i. Attackers can gain access to wireless transmissions without being close to the network.
ii. Difficult to detect if someone is eavesdropping
iii. An attacker can gather critical or confidential material
b. Protecting from Eavesdropping
i. Use encryption like SSH, SSL, IPSec or VPN
ii. Prevent the Access Point from broadcasting the SSID
iii. Use authentication and access control (SSID and MAC address filtering) to prevent attackers from being able to connect to your network
a. Risk
i. Wireless devices can be stolen or lost
ii. Devices can contain confidential corporate information
iii. An Attacker can gain access to the network via a stolen device and information on that device
iv. Data on wireless devices is stored in clear text
b. Minimizing the Risk
i. Audit wireless devices in your environment regularly
ii.